According to a recent survey by Norton, 94 percent of users on the internet think they can spot phishing emails. Unfortunately, they couldn’t be more wrong.
The fact is that hackers are becoming savvier when it comes to finding personal information and tricking not only you, but your friends into providing more.
Jere L. Simpson, CEO and founder of Arlington-based KITEWIRE, said these days hackers are using social engineering to nab your personal information and use it for mining information, gaining account access and blackmail.
“Social engineering is the easiest method to breach accounts. Your best friend, date of birth and mother’s maiden name are extremely easy to find on Facebook. Criminals will duplicate one of your friend’s accounts using the same photo and private message you that they created two accounts for business and friends in order to gain access to your information,” Jere said.
Once cyber criminals gather enough information about a person or the owner of a company, they go to work figuring out the details they need to breach the network.
Colonel Timothy Evans (Ret), cofounder and vice president of strategy of Arlington-based Adlumin, said, “Health care data is the most valuable because it provides enough information for an intruder to apply for credit, loans, etc. without the individual even knowing that someone else has applied for credit in their name.
“Once the intruder steals legitimate credentials, they can move freely throughout the network without setting off any alerts. Their next task is to escalate their privileges to administrator so they can move about the network freely.”
Then you’re really screwed.
For a small startup or business owner, dishing out tons of cash for a high-performing network server and an IT consultant isn’t a reality when you’re bootstrapping. However, our cyber experts have some advice and inexpensive ways to protect your data from potential threats.
Let’s Start With the Facebook Feed
Taking photos at work to show off the team, work environment or the latest coffee machine is great, but you need to consider what is in the background of your photos, and whether you are unintentionally posting personal or confidential information.
“Be extremely careful what information is put on social media. Look for information that is in the background of photos like screen or paper information. Latergram as many photos as you can instead of posting them in the moment,” Jere said.
Don’t Open The Flood Gates
Reducing the number of people who have administrative access to files, a network, etc. can decrease the chances of a breach.
“Probably the key for a small company is to limit the user’s authority on its network to conducting activities that a general user should do. In other words, do not make everyone on the network an administrator, they do not need that authority,” Timothy said.
It’s also a good idea to monitor logs to understand who is accessing certain files and online tools.
“Ensure that your users are doing what their logs say they are doing. If the system says that you used a USB drive to download gigabytes of information, the follow-up question is, did you do that? There are free tools that you can use to check your own logs to ensure that the actions that are being taken on your network. At a minimum, a small company should audit the company’s privileged access users to ensure that their activities are in line with their duties and actual activities,” Timothy said.
Newbie Doesn’t Get the Keys to the Kingdom
While founders want to trust that every tech employee is honest, Jere said it’s not a bad idea to gradually ease them into full access to the network. Most importantly, change your network password often enough to avoid any potential problems.
“Don’t give every new tech SaaS access to your calendar, email, contacts, drive, location, etc. Also, use a formula for your passwords so that each password is unique and you can always figure it out…and never write it down,” Jere said.
Yes, You Must Change the Passwords
Changing your passwords is the oldest, yet most important, advice any cyber expert can offer you, because it works, so do it. Also, our experts want you and your employees to stop sending your username and password over the network, email or communication tools like Slack.
“If you need to give someone a username and password, don’t send both over the same communication,” Jere said. “Calling on the phone or video chat is often the most secure method.”
Did I mention changing the password? Timothy recommends conducting privileged account password resets every 30 days. Seriously.
Employees Can Be Your Superheroes
Your employees can be the first line of defense when it comes to thwarting cyber attacks. Take time to educate them on what to look for if faced with a potential threat.
“Be very unified as a small company that no employee will click on an email link or document received without being sure that the document or link is from a known vendor, partner, or trusted party. This takes a lot of discipline, however, it is the absolute best method to prevent an attack,” Timothy said.
“Talk with your employees and let them know that simple carelessness could result in putting a company out of business. Breaches of customer data or credit card information will result in damage to the company’s name at a very minimum.”
This article was written in partnership with Arlington Economic Development.